✨ Extend azure.subscription.policy.assignments to include `{paramet…

…ers}` field (#5039)

* add azure.subscription.policy.assignment.parameters

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add azure.subscription.policy.assignment.parameters++

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add azure.subscription.policy.assignment.parameters+++

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add azure.subscription.policy.assignment.parameters++++

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add azure.subscription.policy.assignment.parameters+++++

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add azure.subscription.policy.assignment.parameters++++++

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* add azure.subscription.policy.assignment.parameters+++++++

Signed-off-by: Manuel Weber <manuel@mondoo.com>

---------

Signed-off-by: Manuel Weber <manuel@mondoo.com>

providers/azure/resources/armsecurity.go

@@ -195,6 +195,12 @@ type PolicyAssignment struct {
 			AllowedSkus struct {
 				Value string `json:"value"`
 			} `json:"allowedSkus"`
+			Effect struct {
+				Value string `json:"value"`
+			} `json:"effect"`
+			ApprovedExtensions struct {
+				Value []string `json:"value"`
+			} `json:"approvedExtensions"`
 		} `json:"parameters"`
 		Scope     string        `json:"scope"`
 		NotScopes []interface{} `json:"notScopes"`

providers/azure/resources/azure.lr

@@ -2006,6 +2006,8 @@ private azure.subscription.policy.assignment @defaults("name enforcementMode") {
   description string
   // Policy enforcement Mode
   enforcementMode string
+  // Policy parameters
+  parameters dict
 }
 
 // Azure IoT Hub Service

providers/azure/resources/azure.lr.manifest.yaml

@@ -2060,6 +2060,7 @@ resources:
       enforcementMode: {}
       id: {}
       name: {}
+      parameters: {}
       scope: {}
     is_private: true
     min_mondoo_version: 9.0.0

providers/azure/resources/policy.go

@@ -7,8 +7,10 @@ import (
 	"context"
 	"errors"
 	"fmt"
+
 	"go.mondoo.com/cnquery/v11/llx"
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/util/convert"
 	"go.mondoo.com/cnquery/v11/providers/azure/connection"
 )
 
@@ -43,13 +45,19 @@ func (a *mqlAzureSubscriptionPolicy) assignments() ([]interface{}, error) {
 
 	res := []interface{}{}
 	for _, assignment := range pas.PolicyAssignments {
+		parameters, err := convert.JsonToDict(assignment.Properties.Parameters)
+		if err != nil {
+			return nil, err
+		}
+
 		assignmentData := map[string]*llx.RawData{
 			"__id":            llx.StringData(fmt.Sprintf("azure.subscription.policy/%s/%s", assignment.Properties.Scope, assignment.Properties.DisplayName)),
 			"id":              llx.StringData(assignment.Properties.PolicyDefinitionID),
 			"name":            llx.StringData(assignment.Properties.DisplayName),
 			"scope":           llx.StringData(assignment.Properties.Scope),
 			"description":     llx.StringData(assignment.Properties.Description),
 			"enforcementMode": llx.StringData(assignment.Properties.EnforcementMode),
+			"parameters":      llx.DictData(parameters),
 		}
 
 		mqlAssignment, err := CreateResource(a.MqlRuntime, "azure.subscription.policy.assignment", assignmentData)